Last active July 28, 2023 15:15
AWS API calls that return credentials
kmcquade commented Dec 24, 2020

This one is really interesting. I was reading about how to link up AWS Chatbot to Slack and thought about the potential for using Slack as an attack vector. Seems like AWS has anticipated this; the AWS Chatbot documentation says here that they do not support commands denied by the following IAM Policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
      ],
      "Resource": "*"
    }
  ]
}
```

There is a strong overlap between that list and the ones provided on my list above.

If you are looking to prevent Data Exfiltration and Credential Exposure, I would suggest blocking the combination of both of these.
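One way to act on that suggestion is to merge the two deny lists into a single explicit-Deny statement and check candidate API calls against it. The code below is an added example, not part of kmcquade's comment or the gist; the two action lists are constructed sample values that stand in for the gist's credential-returning calls and the Chatbot deny policy, not copies of either.

```python
import fnmatch

# Constructed sample lists standing in for the two lists the comment refers to.
# They are illustrative only, not copied from the gist or the AWS Chatbot docs.
CREDENTIAL_RETURNING_CALLS = [
    "sts:AssumeRole",
    "iam:CreateAccessKey",
    "ec2:GetPasswordData",
    "secretsmanager:GetSecretValue",
    "redshift:GetClusterCredentials",
]
CHATBOT_STYLE_DENY = [
    "iam:*",
    "sts:*",
    "ec2:GetPasswordData",
    "kms:Decrypt",
]


def _covered(action: str, patterns: list[str]) -> bool:
    """True if `action` matches any IAM-style pattern (case-insensitive; * and ?)."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def merge_deny_actions(*lists: list[str]) -> list[str]:
    """Union the lists, drop duplicates, and drop entries already covered by a
    broader wildcard (e.g. iam:CreateAccessKey under iam:*) to keep the statement small."""
    raw = {a for lst in lists for a in lst}
    wildcards = [a for a in raw if "*" in a or "?" in a]
    kept = [a for a in raw if not _covered(a, [w for w in wildcards if w != a])]
    return sorted(kept, key=str.lower)


def build_deny_policy(*lists: list[str]) -> dict:
    """Single explicit-Deny statement combining every supplied action list."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Action": merge_deny_actions(*lists),
            "Resource": "*",
        }],
    }


def is_denied(action: str, policy: dict) -> bool:
    """Would `action` be blocked by any Deny statement in `policy`?"""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        acts = stmt["Action"]
        if _covered(action, [acts] if isinstance(acts, str) else acts):
            return True
    return False
```

Feed `build_deny_policy` the real lists from the gist and the Chatbot docs to produce the combined statement, and use `is_denied` to confirm that a given call (including ones not spelled out explicitly but caught by a service wildcard) is blocked.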

kmcquade commented Jan 3, 2021

Note: I reflected this in a recent blog post:
